[Bug 209470] Kernel Panic Seen after using Dtrace FBT provider with the kernel module on arm

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu May 12 18:15:48 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209470

            Bug ID: 209470
           Summary: Kernel Panic Seen after using Dtrace FBT provider with
                    the kernel module on arm
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: arm
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: abhya007 at gmail.com

I was using Dtrace using the FBT provider on an arm platform with witness
enabled. When FBT is used with the kernel module, it generates a kernel
panic or the system becomes unresponsive. Is this problem know or seen
before. I am copying the kernel backtrace below for reference. The issue
seems to be with a blockable sleep lock(kld_sx) acquired which is
conflicting with the td->td_critnest positive value.

The following is the kernel backtrace :

dtrace: script 'dtrace_script' matched 1 probe
panic: acquiring blockable sleep lock with spinlock or critical section held
(sx) kernel linker @
/.amd/svl-engdata1vs1/occamdev/build/freebsd/head/20160325.175306_fbsd-bui
lder_head.324786/src/sys/kern/kern_linker.c:552
newpanic = 1, trace_on_panic = 1, debugger_on_panic = 0
[panic] backtrace is as follows:
KDB: stack backtrace:
db_trace_self() at db_trace_self
         pc = 0xc128bb68  lr = 0xc1039f8c (db_trace_self_wrapper+0x30)
         sp = 0xea736798  fp = 0xea7368b0
        r10 = 0xc63bc6a0
db_trace_self_wrapper() at db_trace_self_wrapper+0x30
         pc = 0xc1039f8c  lr = 0xc1180e3c (kdb_backtrace+0x3c)
         sp = 0xea7368b8  fp = 0xea7368c0
         r4 = 0xc13d4b64  r5 = 0x00000001
         r6 = 0xc139c600  r7 = 0xc139c640
kdb_backtrace() at kdb_backtrace+0x3c
         pc = 0xc1180e3c  lr = 0xc1148400 (vpanic+0xec)
         sp = 0xea7368c8  fp = 0xea7368e0
         r4 = 0x00000100 r10 = 0xc63bc6a0
vpanic() at vpanic+0xec
         pc = 0xc1148400  lr = 0xc1148314 (vpanic)
         sp = 0xea7368e8  fp = 0xea736900
         r4 = 0xc13c7018  r5 = 0xc12fc5ed
         r6 = 0xea73690c  r7 = 0xc13c6f80
         r8 = 0xc12e76f0  r9 = 0xc139f740
vpanic() at vpanic
         pc = 0xc1148314  lr = 0xc119b080 (witness_checkorder+0x128)
         sp = 0xea736908  fp = 0xea736960
         r4 = 0xea73690c  r5 = 0x00000000
         r6 = 0x00000009  r7 = 0xc12d6222
         r8 = 0xc155e6c0  r9 = 0x00000228
witness_checkorder() at witness_checkorder+0x128
         pc = 0xc119b080  lr = 0xc114fafc (_sx_xlock+0x80)
         sp = 0xea736968  fp = 0xea736988
         r4 = 0x00000228  r5 = 0xc12ef932
         r6 = 0xc13c5800  r7 = 0xc13c57f0
         r8 = 0x00000000  r9 = 0x0000003c
        r10 = 0x0000000f
_sx_xlock() at _sx_xlock+0x80
         pc = 0xc114fafc  lr = 0xc112583c (linker_file_foreach+0x34)
         sp = 0xea736990  fp = 0xea7369a8
         r4 = 0xc13c57d0  r5 = 0xea7369b0
         r6 = 0xc12a6bc0  r7 = 0xc6e50c70
         r8 = 0xc13c57f0 r10 = 0x0000000f
linker_file_foreach() at linker_file_foreach+0x34
         pc = 0xc112583c  lr = 0xc12a67d0 (unwind_stack_one+0x5c)
         sp = 0xea7369b0  fp = 0xea7369d8
         r4 = 0xea736b38  r5 = 0xea7369b0
         r6 = 0x00000000  r7 = 0xc6e50c70
         r8 = 0xc137e698 r10 = 0x0000000f
unwind_stack_one() at unwind_stack_one+0x5c
         pc = 0xc12a67d0  lr = 0xc6e4d688 ($a+0x2e8)
         sp = 0xea7369e0  fp = 0xea736bb0
         r4 = 0xc86a0400  r5 = 0x00000000
         r6 = 0xea736b38  r7 = 0x00000004
         r8 = 0xc8b14018  r9 = 0x0000003c
        r10 = 0x0000000f
$a() at $a+0x2e8
         pc = 0xc6e4d688  lr = 0xc6e8823c (fbt_invop+0x94)
         sp = 0xea736bb8  fp = 0xea736bd0
         r4 = 0xc6fb3040  r5 = 0xc6e7a058
         r6 = 0x00000000  r7 = 0xc6b16ca0
         r8 = 0xc63bc6a0  r9 = 0xc119be08
        r10 = 0x00000000
fbt_invop() at fbt_invop+0x94
         pc = 0xc6e8823c  lr = 0xc6e6466c ($a+0x38)
         sp = 0xea736bd8  fp = 0xea736be8
         r4 = 0xea736c70  r5 = 0xffffffff
         r6 = 0xc119be08 r10 = 0x00000000
$a() at $a+0x38
         pc = 0xc6e6466c  lr = 0xc12a66f0 (undefinedinstruction+0x3b8)
         sp = 0xea736bf0  fp = 0xea736c68
         r4 = 0xea736c70  r5 = 0xc63bc6a0
         r6 = 0x00000000  r7 = 0xe7f000f0
undefinedinstruction() at undefinedinstruction+0x3b8
         pc = 0xc12a66f0  lr = 0xc128e5a8 (exception_exit)
         sp = 0xea736c70  fp = 0xea736d48
         r4 = 0xc5b25ca0  r5 = 0xc6032028
         r6 = 0xc155e6c0  r7 = 0xc5b201a0
         r8 = 0xc140e194  r9 = 0xc155e70c
        r10 = 0x00000009
exception_exit() at exception_exit
         pc = 0xc128e5a8  lr = 0xc119b5dc (witness_checkorder+0x684)
         sp = 0xea736d00  fp = 0xea736d48
         r0 = 0xc5b201a0  r1 = 0xc5b25ca0
         r2 = 0x0000003c  r3 = 0xc12fd0fa
         r4 = 0xc5b25ca0  r5 = 0xc6032028
         r6 = 0xc155e6c0  r7 = 0xc5b201a0
         r8 = 0xc140e194  r9 = 0xc155e70c
        r10 = 0x00000009 r12 = 0xc155e6c0
witness_lock_order_add() at witness_lock_order_add
         pc = 0xc119be08  lr = 0xc114fafc (_sx_xlock+0x80)
         sp = 0xea736d50  fp = 0xea736d70
         r4 = 0x00000aba  r5 = 0xc12dccfb
         r6 = 0xc6032038  r7 = 0xc6032028
         r8 = 0x00000000  r9 = 0xc13c4988
        r10 = 0x00000002
_sx_xlock() at _sx_xlock+0x80
         pc = 0xc114fafc  lr = 0xc107dcdc (usbd_enum_lock+0x40)
         sp = 0xea736d78  fp = 0xea736d80
         r4 = 0xc6032000  r5 = 0xc12dccfb
         r6 = 0xc63d2500  r7 = 0xc63e8800
         r8 = 0x00000001 r10 = 0x00000002
usbd_enum_lock() at usbd_enum_lock+0x40
         pc = 0xc107dcdc  lr = 0xc10869b0
(uhub_explore_handle_re_enumerate+0x20)
         sp = 0xea736d88  fp = 0xea736d98
         r4 = 0xc6032000  r5 = 0xc6032000
uhub_explore_handle_re_enumerate() at uhub_explore_handle_re_enumerate+0x20
         pc = 0xc10869b0  lr = 0xc1089bf4 ($a+0x3c8)
         sp = 0xea736da0  fp = 0xea736de8
         r4 = 0xc659a168  r5 = 0xc6032000
         r6 = 0xc63d2500 r10 = 0x00000002
$a() at $a+0x3c8
         pc = 0xc1089bf4  lr = 0xc1070f50 (usb_bus_explore+0xf0)
         sp = 0xea736df0  fp = 0xea736e00
         r4 = 0xc6052c78  r5 = 0xc63e8800
         r6 = 0xc6052eb0  r7 = 0xc12daed8
         r8 = 0xc13c49a0  r9 = 0xc12df2a9
        r10 = 0xc6052d0c
usb_bus_explore() at usb_bus_explore+0xf0
         pc = 0xc1070f50  lr = 0xc108c014 (usb_process+0xdc)
         sp = 0xea736e08  fp = 0xea736e28
         r4 = 0xc6052cfc  r5 = 0xc6052d04
         r6 = 0xc6052d5c  r7 = 0xc12df29d
usb_process() at usb_process+0xdc
         pc = 0xc108c014  lr = 0xc1117c94 (fork_exit+0x84)
         sp = 0xea736e30  fp = 0xea736e48
         r4 = 0xc63bc6a0  r5 = 0xc5f7cac8
         r6 = 0xc108bf38  r7 = 0xc6052cfc
         r8 = 0xea736e50  r9 = 0x00000000
        r10 = 0x00000000
fork_exit() at fork_exit+0x84
         pc = 0xc1117c94  lr = 0xc128e538 (swi_exit)
         sp = 0xea736e50  fp = 0x00000000
         r4 = 0xc108bf38  r5 = 0xc6052cfc
         r6 = 0x00000000  r7 = 0x00000000
         r8 = 0x00000000 r10 = 0x00000000
swi_exit() at swi_exit
         pc = 0xc128e538  lr = 0xc128e538 (swi_exit)
         sp = 0xea736e50  fp = 0x00000000
KDB: Current process: usb
[panic] backtrace end
[panic] rebooting kernel with options 104
Uptime: 7m58s

Had an email exchange with Mark Johnston who agreed upon a bug being filed
about this.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list